/home/websdxuk/www/mail.php
<?php
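if ($_SERVER["REQUEST_METHOD"] === "POST") {

    /**
     * Trim a submitted form value and HTML-encode it (quotes included).
     *
     * Array-style fields (name[]=a&name[]=b) are flattened to a comma-separated
     * string so that trim() is never handed an array, which is a TypeError on
     * PHP 8. HTML-encoding does NOT remove CR/LF, so the result is not safe to
     * place in a mail header; header values are cleaned separately below.
     *
     * @param mixed $data Raw value taken from $_POST.
     * @return string
     */
    function sanitize_input($data) {
        if (is_array($data)) {
            return implode(', ', array_map('sanitize_input', $data));
        }
        return htmlspecialchars(trim((string) $data), ENT_QUOTES);
    }

    // Collapse line breaks and NUL bytes so a value cannot start a new header line.
    $headerSafe = static function ($value) {
        return trim((string) preg_replace('/[\r\n\0]+/', ' ', (string) $value));
    };

    // Sanitize all POST data
    $sanitized_data = [];
    foreach ($_POST as $key => $value) {
        $sanitized_data[$key] = sanitize_input($value);
    }

    // Hardcoded values for testing
    $brands = "Website Builders Official";
    $address = "support@websitebuildersofficial.com";

    // Look up an approximate location for the client address.
    // NOTE(review): the lookup goes over plain HTTP to a third party, so the
    // visitor's IP is disclosed in cleartext and the reply can be altered in
    // transit; treat the location fields as untrusted, informational text.
    $ipAddress = $_SERVER['REMOTE_ADDR'] ?? '';
    $city = 'unknown';
    $region = 'unknown';
    $country = 'unknown';
    $country_code = 'unknown';
    if (filter_var($ipAddress, FILTER_VALIDATE_IP) === false) {
        $ipAddress = 'unknown';
    } else {
        // Bound the wait so a slow or unreachable lookup service cannot stall the form.
        $lookupContext = stream_context_create(['http' => ['timeout' => 3]]);
        $locationData = @file_get_contents(
            "http://ip-api.com/json/" . rawurlencode($ipAddress),
            false,
            $lookupContext
        );
        $decoded = ($locationData === false) ? null : json_decode($locationData, true);
        if (is_array($decoded)) {
            // Accept only string fields and drop line breaks before they reach the mail body.
            $geoField = static function ($name) use ($decoded, $headerSafe) {
                return (isset($decoded[$name]) && is_string($decoded[$name]))
                    ? $headerSafe($decoded[$name])
                    : 'unknown';
            };
            $city = $geoField('city');
            $region = $geoField('regionName');
            $country = $geoField('country');
            $country_code = $geoField('countryCode');
        }
    }

    // Field lines shared by both mail layouts.
    $fieldText = "";
    foreach ($sanitized_data as $key => $value) {
        $fieldText .= "$key: $value\n";
    }
    $fieldText .= "IP Address: $ipAddress\n";
    $fieldText .= "Location: $city, $region, $country, $country_code\n";

    // Handle file upload: read the file only if PHP itself stored it as an upload.
    $file = $_FILES['fileToUpload'] ?? null;
    $rawContent = false;
    if (
        is_array($file)
        && ($file['error'] ?? null) === UPLOAD_ERR_OK
        && is_string($file['tmp_name'] ?? null)
        && is_uploaded_file($file['tmp_name'])
    ) {
        $rawContent = file_get_contents($file['tmp_name']);
    }

    if ($rawContent !== false) {
        // The original name and MIME type are declared by the client. Reduce the
        // name to a conservative character set and accept the type only if it
        // has a plain "type/subtype" shape, so neither can break out of the
        // quoted MIME parameters or add header lines.
        // NOTE(review): there is no allowlist of attachment types and no size cap
        // beyond PHP's upload limits; the recipient mailbox receives whatever was
        // uploaded. Consider restricting both.
        $fileName = preg_replace('/[^A-Za-z0-9._-]/', '_', basename((string) $file['name']));
        if ($fileName === null || $fileName === '') {
            $fileName = 'attachment';
        }
        $fileType = (string) ($file['type'] ?? '');
        if (!preg_match('#^[A-Za-z0-9.+-]+/[A-Za-z0-9.+-]+$#', $fileType)) {
            $fileType = 'application/octet-stream';
        }
        $fileContent = chunk_split(base64_encode($rawContent));

        // An unpredictable boundary: submitted text cannot contain it by guessing,
        // so form fields cannot terminate the text part or add MIME parts.
        $boundary = bin2hex(random_bytes(16));
        $headers = "MIME-Version: 1.0\r\n";
        $headers .= "Content-Type: multipart/mixed; boundary=\"$boundary\"\r\n";

        // Email body with attachment
        $mailBody = "--$boundary\r\n";
        $mailBody .= "Content-Type: text/plain; charset=\"UTF-8\"\r\n";
        $mailBody .= "Content-Transfer-Encoding: 7bit\r\n";
        $mailBody .= "\n";
        $mailBody .= $fieldText;
        $mailBody .= "\n";

        // File attachment
        $mailBody .= "--$boundary\r\n";
        $mailBody .= "Content-Type: $fileType; name=\"$fileName\"\r\n";
        $mailBody .= "Content-Disposition: attachment; filename=\"$fileName\"\r\n";
        $mailBody .= "Content-Transfer-Encoding: base64\r\n";
        $mailBody .= "\n";
        $mailBody .= $fileContent . "\n";
        $mailBody .= "--$boundary--";
    } else {
        // If no usable file was uploaded, send a simple plain text email
        $headers = "Content-Type: text/plain; charset=\"UTF-8\"\r\n";
        $mailBody = $fieldText;
    }

    // Extract specific variables if needed
    $name = $sanitized_data['name'] ?? 'User';
    $content = $headerSafe($sanitized_data['content'] ?? 'No Topic');

    // The sender address ends up in the From header, so it is taken from the raw
    // field and must be a single well-formed address with no control characters
    // or angle brackets; anything else falls back to the placeholder address.
    // NOTE(review): putting a visitor-supplied address in From tends to fail
    // SPF/DMARC checks; a fixed From on the site's domain plus Reply-To is the
    // usual arrangement.
    $rawEmail = $_POST['email'] ?? '';
    $rawEmail = is_string($rawEmail) ? trim($rawEmail) : '';
    if (
        $rawEmail !== ''
        && !preg_match('/[\x00-\x1F\x7F<>]/', $rawEmail)
        && filter_var($rawEmail, FILTER_VALIDATE_EMAIL) !== false
    ) {
        $email = $rawEmail;
    } else {
        $email = 'no-reply@example.com';
    }

    // Send email
    $headers .= "From: $brands <$email>";
    if (mail($address, "$brands ($content)", $mailBody, $headers)) {
        header('Content-Type: application/json; charset=UTF-8');
        $output = json_encode(array(
            'type' => 'message',
            'text' => "$name, thank you for the Signup. We will get back to you shortly.",
            'success' => true
        ));
        die($output);
    } else {
        http_response_code(500);
        header('Content-Type: application/json; charset=UTF-8');
        echo json_encode(array(
            'type' => 'error',
            'text' => "Something went wrong with sending the email.",
            'success' => false
        ));
    }
} else {
    http_response_code(403);
    echo "Forbidden";
}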
?>